The data circulating online included the e-mail addresses and hashed passwords for 7 million Lifeboat accounts. The mass compromise was discovered by Troy Hunt, the security researcher behind the Have I been pwned? breach notification site. Hunt said he had acquired the data from someone actively involved in trading hacked login credentials who has provided similar data in the past.

Hunt reported that some of the plaintext passwords users had chosen were so weak that he was able to discover them simply by posting the corresponding MD5 hash into Google. As if many users’ approach to password selection weren’t lackadaisical enough, Lifeboat’s own Getting started guide recommended “short, but difficult to guess passwords” because “This is not online banking.”

Crude but effective

Short passwords are especially prone to cracking by brute force, a technique that tries all possible combinations of numbers, letters, and special characters until the specific one protecting a compromised account is tried. By counseling users to choose short passwords, Lifeboat operators made this crude cracking approach feasible. After all, a six-character password that uses letters and numbers has just 626 possible combinations. An 11-character password with letters and numbers has 6211 combinations, making it out of reach by brute-force methods.
The advice is compounded by the reliance on unsalted MD5 hashes to obscure the password plaintext. MD5 was designed to be extremely fast and require minimal computation. In years past, those were good attributes that gave a performance boost to inexpensive hardware. But as computers have grown increasingly powerful, the same qualities make MD5 a liability. The fact that the hashes were unsalted—meaning the plaintext passwords weren’t combined with a value that was unique for each account—makes the cracking process go much quicker and require less computation. Because salting ensures that each stored hash is unique even if two users choose the same passcode, each hash in a compromised table must be cracked separately, even if they mask one or more identical plaintext passwords.

Lifeboat officials told Motherboard that MD5 is no longer being used. They also said they implemented a password reset but didn’t disclose the breach because they didn’t want to notify the attackers there would be a limited shelf life to the hashes. Some Lifeboat users have disputed the claim there was a password reset. What’s known for sure is that the practices exposed in the breach are a text-book example of how not to store password data at rest.

Source:  Arstechnica

This year in 2016 I plan to do the same thing because I’m growing tired of programs like Google Hangouts, Facebook Messenger, Skype & the potential for the government or hackers to be spying on my private conversations.

Now, I know you might think that you don’t have much to hide which may be true. I know I don’t really have anything special to hide but I still like to keep my private conversations “Private” and away from the spying eyes of our government and potential hackers.

So if you plan to chat with me in 2016 on Hangouts, Messenger, Skype or even good old SMS I may ask you to add me on Viber, Whatsapp or even Signal instead because I simply want to use End to End Encryption vs unsecured messaging types noted above.

I recommend if you do use Viber and Whatsapp that you DO NOT back them up to cloud services like ICloud or Google Drive because those platforms aren’t encrypted and is a security risk.

Read this story for more interesting information.

• Performance in everyday tasks, such as boot time now nearly 30% faster than Windows 7 on the same device.
• With Cortana, you can use your device’s pen** to just scribble a note in the Cortana Notebook and Cortana will recognize the phone number, email address, and even physical address to help you set reminders. Cortana can also now keep track of your event and movie bookings too, sending you helpful reminders to know where to go and get there on time, plus the option to book and track an Uber**. We’re excited to make Cortana available in Japan, Australia, and Canada and India (in English) with features and experiences customized for each market.
• Microsoft Edge offers improved performance and security, along with tab preview, which allows you to hover over your open tabs and get a preview of what’s on those websites without leaving the page you’re on. Microsoft Edge now syncs your Favorites and Reading list items across devices so you can easily get back to the content you’re interested in most. And, Cortana will now notify you of the best coupons** from your favorite retailers such as Staples, Macys and Best Buy when shopping in Microsoft Edge.

And much more with improvements to Mail, Calendar, Photos, Groove, Xbox, Store, OneNote, Solitaire, and more!

I personally haven’t noticed a lot of big changes since I received the update. Read Microsoft’s technote on this update for more information.